The challenge
For this project, involving a multi-national manufacturer of truck parts, Eraneos were hired to help create a defined methodology and process for the execution of a structured and comparable risk assessment in relation to cyber security.
The issue was that the organization owned a wide range of different operational technology (OT) devices that were used in its automotive production line. It had around 10,000 devices in its network, and more than 20 lines for one plant.
The approach
We got to work by planning and creating a risk management (RM) process, covering all phases of RM. We also developed a methodology for a model-driven holistic shopfloor risk assessment, focusing on executability and resource optimization, while generating comparable results.
At the same time, we introduced common criteria that were based on pre-rated risk scenarios, including an attack path and control catalog. This helped to simplify the execution of the risk assessment. Finally, we created a risk register, which was used to visualize a risk map.
A multi-national truck parts manufacturer and assembly group for one of the largest truck and commercial vehicle manufacturers in the world.
The result
In completing this project, Eraneos created an IEC 62443-tailored approach that allowed the truck parts manufacturer to model risks in a comparable manner (ISO 15408). The real impact is that this now offers the manufacturer a real price tag using a value stream.
Another great result is that the company’s production area is highly streamlined and organized in value streams following its pull material provisioning, which leaves little room for production outages caused by cyber-attacks.